[bitbucket-server] support for projects and prebuilds

[AlexTugarev]

Description

This enables prebuilds for Bitbucket Server integrations.

Breaking Changes

• Admin scopes are required to make the webhook creation work. Full set of scopes to enable for the OAuth App: PUBLIC_REPOS, REPO_READ, REPO_WRITE, REPO_ADMIN, PROJECT_ADMIN
• Due to a change in Identity.authName mapping, users need to re-login to get that updated, otherwise repository services wont be able to read permissions properly.

Related Issue(s)

Fixes #8455

How to test

• Make sure to create a new account in the preview environment
• Make sure to create an account in https://bitbucket.gitpod-self-hosted.com (hint: log in as "roboquat" with the credentials in 1password, then create a new user account for yourself)
• Try to add repos with admin permission as projects. Test with personal repos as well as repos in repos.
  • Verify that webhooks are created on the BBS.
• Open workspaces for those repos and make changes.
  • Verify that prebuilds are triggered.
  • Verify that prebuilds ran on the proper branch for example.

TODO

• manage and use webhook secret to verify events

Known issues or out of scope

• No support for Issue and PR contexts
• No UI for setting up a BBS integration (this has to be done via config at the moment)

Release Notes

Adding support for Projects and Prebuilds for Bitbucket Server. 

[csweichel]

Awesome work - we really need this change.
/cc @geropl what do we need to do to get this merged?

[geropl]

@AlexTugarev Can you raise this within the team to get a review this week? Maybe from Jan?

[jldec]

/werft run

👍 started the job as gitpod-build-at-bbs.14

[jldec]

Validated adding integration as a user by opening a workspace on a prefixed URL.
Works as expected ✅

layout of the scopes is a bit wide, but not a big problem (look similar to existing BB integration)

[jldec]

• resolved

New project flow fails to fetch branches (upper-case/lower-case issue?) for repo at
https://bitbucket.gitpod-self-hosted.com/projects/JLDEC/repos/jldec-repo-march-30/browse

[jldec]

Project on personal repo is able to fetch branches. ✅
Branch list formatting is off (because of avatar - see similar issue for GHE in #8755)

[jldec]

Project on same personal repo shows error when looking for .gitpod.yml under configuration page.

[jldec]

• error in ~username context urls. ACK'd, but fixup is not yet pushed to not disturb reviewers.

The button to start a new workspace after creating a new project on a personal repo, appears to create a broken context url since it uses the clone url path scm/~jldec/test-repo2.git. Replacing that context url with the actual url path from BBS does work users/jldec/repos/test-repo2/browse

[jldec]

• fixed

There does not appear to be any installed webhook on any of the repos for which I have created a project.

[AlexTugarev]

@jldec, please check again 🙏🏻

Also, pay attention to the Breaking Changes, esp. to the re-login step. Casing of the auth name was wrong in my account. I've added tests for that, it should meet the expectations in both directions and match the permission queries.

In your case, which is assumingely uncommon, there is a project and a user account named equally. Something you would not expect to be possible. I've change the workaround to try projects first, this should resolve the issues from above as well.

Let's see if we need a 3rd round 🤞🏻

[AlexTugarev]

Just found an issue with the New Project wizard, which was actually reported several times, but we seem to not have found a repro for: User.identities contain a Gitpod identity, which AFAIU is used to authorize webhook event handler (i.e. for prebuild events) and this is not handled nor expected.

I'll make a drive-by-change to exclude them from the results of GitpodService.getAuthProviders as it's likely unexpected/unhandled in other places.

[easyCZ]

• AT: that's a configuration issue no BBS. they are rendering an error page. I've improved the error message propagation, so if you try to start a workspace, you'll see a helpful message. BTW: we've discussed a general error component in the dashboard to show system/project errors, THIS could be used to provide instant feedback on the branches overview.

I'm unable to see prebuilds for my project:

Steps:

1. Create a bitbucket project
2. Import https://gitlab.com/gitpod-milan/gitpod-large-image as a repo
3. Create gitpod project
4. Navigate to Branches - nothing visible

5. Try `Run prebuild` - nothing happens, request response contains

Request triggerPrebuild failed with message: 404 / Not Found

7. Project Settings also seem to not have access to the repo properly

[easyCZ]

[nit] Would be good to comment that we're requesting REPO_ADMIN because that's the minimum role required to create webhooks.

[easyCZ]

[nit] It can be sometimes helpful to communicate the reasoning for a particular check though a method name. For example:

if (hasPermissionToCreateWebhooks(permission) {

[AlexTugarev]

@easyCZ, please invite me to your project to reproduce #8896 (comment)

[jankeromnes]

Many thanks for implementing BBS! 🏭

Gave this a spin, and was able to successfully add a Bitbucket project! 🎉

---

Minor: The UI looks a little bit unpolished still --

1. No BBS provider icon? 2. Should BBS really be visible by default on Login?	3. Uppercase scopes? 4. Without scope descriptions?	5. Why the ~ in my name? 6. Shouldn't the project name be vertically centered?

• 1. Include a button icon on the login page for Bitbucket Server provider #8603
• 2. for this preview env the config is injected manually(!) as there is no alternative ATM.
• 2. Configuration UI to register Bitbucket Server instance #9010
• 3. 4. 🛹. also, we need to figure out if scope elevation is wanted, or if PROJECT_ADMIN is required.
• 5. ~username is to separate from username which would point to a non-personal, i.e. regular, project. weird.

---

Also, I wasn't able to start a workspace for some reason:

• AT: this is tackled in most recent changes. see comments bellow.

Add empty repo, click on New Workspace	Fails with 404? 😳

[AlexTugarev]

@jankeromnes thanks for asking on the ~

Why the ~ in my name?

That indicated personal projects. As @jldec managed to create a personal and a regular project of the same name, I'd consider that a "feature"! Seriously, I've no idea of how to treat that properly. Ambiguity of project name is hard. Let's have the ~ until we learn, how if there is a better way to handle it. Having that said, I see no way in removing it without breaking the other project kinds. Ok?

[jankeromnes]

• AT: that's the "no default branch" situation to be resolved on BBS. latest change introduced better error message propagation, which explains the problem.

Okay, I was now able to push changes to my BBS repository. Unfortunately, no Prebuilds are being triggered.

When I try the Run Prebuild button, it fails with the same 404 message. I guess this is the ~ problem as well?

[easyCZ]

Thanks, I've tested this as far as I can and seems to work. There are still some rough edges on the integration (largely due to BitBucket Server being a bit crazy) but I think this is a good enough 🛹 .

Code-wise, looks sensible but I don't yet have full context to know if there are skeletons.

[easyCZ]

/hold

[jankeromnes]

Nice! Feels like this is closing in on the finish line. 🏁

I've noticed a few remaining rough edges though:

• This button looks awkward (in "New Project", but I guess it's the same as Include a button icon on the login page for Bitbucket Server provider #8603)

• When I add my project "YOLO" (https://bitbucket.gitpod-self-hosted.com/scm/~jan/yolo.git) as a new project, it fails with:

(The project is actually still created, but I guess without a webhook, because prebuilds do not trigger automatically on pushes)

[jldec]

I was a bit surprised to get the extra login button when I start a totally new session - if we ship this and configure our BBS integration for testing, we don't want everyone else (non-gitpod) who lands on gitpod.io for the first time to see the extra button. Can you confirm that this will not be the case for SaaS?

[jldec]

Regarding the button formatting - the lack of image, and the way the button text bleeds to the edges does look unpolished. I understand that it's cosmestic, but the first impression users see is important as well.

[AlexTugarev]

Can you confirm that this will not be the case for SaaS?

@jldec, don't worry, one need to do a backflip to get it running on self-hosted, there is no path for this to get initialized on SaaS.

[AlexTugarev]

Thanks @jankeromnes, overlooked your issue with the 404 error. I could reproduce it on a fork. Trying to get this sorted out before proceeding.

edit

Awesome! That was indeed a bug in "can install webhook" logic for repos in personal accounts. There is an API which should not be called for personal accounts, but it was.

I changed and updated the branch.

[AlexTugarev]

/unhold